Mitel Product Security Advisory 20-0007

Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability

Advisory ID: 20-0007

Publish Date: 2020-06-02

Last Updated: 2020-06-02

Revision: 1.0

 

Summary

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones firmware could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. A successful exploit could allow an attacker to gain access to sensitive information.

Risk may be significantly reduced by ensuring that Mitel MiVoice SIP Phones are deployed in well protected networks.

Credit is given to Matthew Byrdwell, an Independent Security Researcher, for highlighting this issue and bringing this to our attention.

Mitel is recommending customers with affected product versions, update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

 

External References

N/A

 

Related CVEs / CWEs / Advisories

CVE-2020-13617

 

Revision History

Formats the Html codes.FormatFix the Html to be XHtml compliantFix Write Validate that the text is XHtml compliant.Validate Proofing
Version Date Description
1.0 2020-06-05 Initial version
Ready to talk to sales? Contact us.